
Re: (ET) Virus in Forwarded Mail



Not to continue off topic, but I think this is important:

I believe the Klez (or one like it) virus uses the "returned message" as a
way to get you to open the attachment, since you're trying to figure out
what it was you sent. I got one of those a couple months ago. These viruses
also use many variations of subject line so beware of that. The attachment
names are also all over the place.

In general:

- Use an anti-virus program
- Do not open attachments unless you absolutely positively know its source
- Back up your drive often
- Set higher security levels in email and internet settings
- Be sure you have all the latest patches to Outlook or whatever you use
(it's amazing how leaky these programs are)

I know it's all a pain, but it's the world we live in. Some of these newer
viruses are vicious. Our accountant got one from someone she knew and it
took her and our server drive out completely. We restored from backups and
made sure her anti-virus was up to date (it wasn't before).



----- Original Message -----
From: "Herb Crary" <jhcrary earthlink net>
To: "Elec-trak Mail List" <>
Sent: Monday, June 10, 2002 2:38 PM
Subject: Fw: (ET) Virus in Forwarded Mail


> Thanks, Dave, for clarifying some things I had neglected to mention. Some of
> the messages even came from postmaster@someserverIdon'tremember. It said
> that a message I had sent was being returned to me due to an error. The
> attachment to those messages, which contained the virus, were said to be
> emails I had sent and were rejected. I didn't recognize the user name or the
> server name on any of them, so Klez is busily spoofing addresses on
> someone's server and sending them to every address that it can find, which
> evidently includes mine and some others on this list. I'm thankful for
> Norton Anti Virus-- I can see that it checks everything that goes out as
> well as all that comes in.
>
> Herb Crary
>
> ----- Original Message -----
> From: David Roden (Akron OH USA) <roden ald net>
> To: Elec-trak Mail List <elec-trak cosmos phy tufts edu>
> Sent: Monday, June 10, 2002 7:43 AM
> Subject: Re: (ET) Virus in Forwarded Mail
>
>
> > On 9 Jun 2002 at 22:06, Herb Crary wrote:
> >
> > > I have received five emails in the last two days that Norton Anti Virus has
> > > detected a virus in. It is in an attached file called BGCOLOR.pif; the virus
> > > is W32Klez.H@mn, I believe. I have deleted each email that contained it for
> > > safety. Someone who posts to the Elec-trak has had their computer infected.
> >
> > Just to be 100% clear here, none of these has been posted to the list. Herb
> > is receiving these messages directly from the victim, not from the list. So
> > if you haven't received them please don't feel left out.  <g>
> >
> > The Klez worm is able to spoof the "from" address in emails, stealing the
> > addresses from files and emails it finds on the victim's computer.  I've
> > received emails from a couple of friends, warning me that my computer
> > supposedly has a virus because they received Klez worms with my name on
> > them.  'Taint so.  My computer is clean, and the mail headers show that the
> > messages don't originate with my ISP.  Klez is sullying my good name. <g>
> >
> > Apparently someone to whom Herb has sent email in the past is infected, and
> > has the ET list's posting address somewhere in his computer.  The sender
> > could be an ET list member, but could just as well not be.  Someone could
> > have forwarded a copy of a post to him, or CCed him on a post.  As long as
> > the address is on a file somewhere in his computer, Klez will find it.
> >
> > But it never hurts to run an extra virus scan, just in case.  Of course if
> > you're running Linux, Windows 3.1, or some other less common OS or variant,
> > you don't have to worry about this.
> >
> >
> > David Roden - Akron, Ohio, USA
> > 1991 Solectria Force 144vac
> > 1991 Ford Escort Green/EV 128vdc
> > 1970 GE Elec-trak E15 36vdc
> > 1974 Avco New Idea 36vdc
> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> > Thou shalt not send me any thing which says unto thee, "send this to all
> > thou knowest."  Neither shalt thou send me any spam, lest I smite thee.
> >
> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> >
> > Est. yearly US cost to safeguard Persian Gulf oil supply: $50 billion
> >
> > Est. 2001 value of US crude oil imports from Persian Gulf: $19 billion
> > -- Harper's Index, April 2002
> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
> >
> >
> >
>
>
>